sandbox

package
v0.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package sandbox defines backend-agnostic interfaces for container lifecycle, execution, and network policy. Concrete implementations live in separate packages and register themselves via Register.

Index

Constants

View Source 
const NoOwner = -1

NoOwner is the sentinel for "leave default ownership" passed to [Files.WriteFile]. Either uid or gid being negative skips the chown.

Variables

View Source 
var ErrNotFound = errors.New("sandbox: not found")

ErrNotFound is returned (wrapped) by backend operations when the target instance or snapshot does not exist. Callers can use errors.Is to disambiguate from other errors.

Functions

func Register 

func Register(name string, f Factory)

Register makes a backend available by name. It is intended to be called from init() in backend implementation packages.

func WrapNotFound added in v0.6.0 

func WrapNotFound(err error) error

WrapNotFound translates upstream "not found" errors into a ErrNotFound chain so callers can use errors.Is(err, ErrNotFound). Other errors pass through unchanged. Idempotent — wrapping an already-wrapped error returns it as-is.

This is the single place that interprets upstream error message wording for both Incus and TrueNAS backends. Both libraries currently return English "not found" / "Not Found" phrasing. If a future backend uses a library with different wording, that backend can either:

  • rely on this helper if its upstream library also uses English "not found" phrasing,
  • define its own wrapping helper, or
  • this helper can be extended to accept additional matchers.

The first time either upstream library exposes a typed IsNotFound predicate, switch the body to use that — call sites stay the same.

Types

type Backend 

type Backend interface {
	Create(ctx context.Context, opts CreateOpts) (*Instance, error)
	Get(ctx context.Context, name string) (*Instance, error)
	List(ctx context.Context) ([]Instance, error)
	Start(ctx context.Context, name string) error
	Stop(ctx context.Context, name string) error
	Delete(ctx context.Context, name string) error

	CreateSnapshot(ctx context.Context, name, label string) error
	ListSnapshots(ctx context.Context, name string) ([]Snapshot, error)
	DeleteSnapshot(ctx context.Context, name, label string) error
	RestoreSnapshot(ctx context.Context, name, label string) error
	CloneFrom(ctx context.Context, source, label, newName string) error

	Capabilities() Capabilities
	Close() error
}

Backend manages the lifecycle of sandbox instances and their snapshots.

type Capabilities 

type Capabilities struct {
	Snapshots     bool
	CloneFrom     bool
	EgressControl bool
}

Capabilities advertises optional features a backend supports.

type ConsoleOpts 

type ConsoleOpts struct {
	Env       []string
	RemoteCmd []string
}

ConsoleOpts holds parameters for attaching an interactive console.

type CreateOpts 

type CreateOpts struct {
	Name   string
	Image  string
	CPU    string
	Memory int64
	Bare   bool // create instance only, skip provisioning and SSH wait
}

CreateOpts holds parameters for creating a new sandbox instance.

type EgressMode 

type EgressMode string

EgressMode controls what network traffic a sandbox may initiate. 

const (
	EgressUnrestricted EgressMode = "unrestricted"
	EgressAgent        EgressMode = "agent"
	EgressAllowlist    EgressMode = "allowlist"
)

type Exec 

type Exec interface {
	Run(ctx context.Context, name string, opts ExecOpts) (exitCode int, err error)
	Output(ctx context.Context, name string, cmd []string) ([]byte, error)
	Console(ctx context.Context, name string, opts ConsoleOpts) error
	Ready(ctx context.Context, name string, timeout time.Duration) error
}

Exec runs commands and interactive sessions inside a sandbox instance.

type ExecOpts 

type ExecOpts struct {
	Cmd    []string
	Env    []string
	Stdin  io.Reader
	Stdout io.Writer
	Stderr io.Writer
	Root   bool // run as root instead of the configured sandbox user
}

ExecOpts holds parameters for running a command inside a sandbox.

type Factory 

type Factory func(cfg map[string]string) (Sandbox, error)

Factory constructs a Sandbox from backend-specific configuration. The cfg map is interpreted by each backend (e.g. "host" and "api_key" for TrueNAS, "socket" for Incus).

type FileEntry added in v0.6.0 

type FileEntry struct {
	Path  string      `json:"path"`
	Size  int64       `json:"size"`
	Mode  os.FileMode `json:"mode"`
	IsDir bool        `json:"is_dir"`
}

FileEntry describes one entry in a ListFiles result.

type Files added in v0.6.0 

type Files interface {
	// WriteFile writes content to path inside the sandbox with the given mode.
	// uid/gid set the resulting file's ownership; pass negative values to
	// leave the backend default (root for filesystem-API writes; the
	// configured exec user for SSH/exec-based writes).
	WriteFile(ctx context.Context, name, path string, content []byte, mode os.FileMode, uid, gid int) error
	ReadFile(ctx context.Context, name, path string, maxBytes int64) (content []byte, truncated bool, err error)
	ListFiles(ctx context.Context, name, path string, recursive bool) ([]FileEntry, error)
	DeleteFile(ctx context.Context, name, path string) error
}

Files provides byte-level file I/O into a sandbox instance.

type Instance 

type Instance struct {
	Name      string
	Status    Status
	Addresses []string
}

Instance is the backend-agnostic representation of a container.

type NetworkPolicy 

type NetworkPolicy interface {
	SetEgressMode(ctx context.Context, name string, mode EgressMode) error
	AllowDomain(ctx context.Context, name, domain string) error
	DenyDomain(ctx context.Context, name, domain string) error
	GetPolicy(ctx context.Context, name string) (*Policy, error)
}

NetworkPolicy controls egress filtering for a sandbox instance.

type Policy 

type Policy struct {
	Mode    EgressMode
	Domains []string
}

Policy describes the current egress policy for a sandbox instance.

type Sandbox 

type Sandbox interface {
	Backend
	Exec
	Files
	NetworkPolicy
}

Sandbox composes all sandbox capabilities into a single interface.

func Open 

func Open(name string, cfg map[string]string) (Sandbox, error)

Open returns a Sandbox for the named backend, configured with cfg. If no backend is registered under that name, it returns an error.

type Snapshot 

type Snapshot struct {
	Label     string
	Size      int64
	CreatedAt time.Time
}

Snapshot is a point-in-time capture of an instance's filesystem.

type Status 

type Status string

Status represents a container's lifecycle state. 

const (
	StatusRunning Status = "RUNNING"
	StatusStopped Status = "STOPPED"
)

func (Status) IsRunning 

func (s Status) IsRunning() bool

IsRunning reports whether the container is in a running state.

Source Files

View all Source files

Directories

Path Synopsis
Package incus implements the sandbox.Sandbox interface using a native Incus daemon connection (local unix socket or remote HTTPS).
 Package incus implements the sandbox.Sandbox interface using a native Incus daemon connection (local unix socket or remote HTTPS).
Package truenas implements the sandbox.Sandbox interface using TrueNAS Incus containers via the WebSocket API.
 Package truenas implements the sandbox.Sandbox interface using TrueNAS Incus containers via the WebSocket API.
Package user defines the unprivileged sandbox user that container file operations write as.
 Package user defines the unprivileged sandbox user that container file operations write as.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.